1
0
forked from brl/citadel

remove grsec sysctl config

This commit is contained in:
Bruce Leidl 2019-04-06 16:05:30 -04:00
parent 8d23eea6f4
commit 912e193d85
2 changed files with 0 additions and 19 deletions

View File

@ -19,7 +19,6 @@ MODPROBE_CONFIG = "\
" "
SYSCTL_CONFIG = "\ SYSCTL_CONFIG = "\
file://sysctl/99-grsec-debootstrap.conf \
file://sysctl/90-citadel-sysctl.conf \ file://sysctl/90-citadel-sysctl.conf \
" "
@ -108,10 +107,6 @@ do_install() {
install -m 644 -T ${WORKDIR}/skel/bashrc ${D}${sysconfdir}/skel/.bashrc install -m 644 -T ${WORKDIR}/skel/bashrc ${D}${sysconfdir}/skel/.bashrc
install -m 644 -T ${WORKDIR}/skel/vimrc ${D}${sysconfdir}/skel/.vimrc install -m 644 -T ${WORKDIR}/skel/vimrc ${D}${sysconfdir}/skel/.vimrc
# disable some pax and grsecurity features so that debootstrap will work
# this should be removed later
install -m 0644 ${WORKDIR}/sysctl/99-grsec-debootstrap.conf ${D}${libdir}/sysctl.d/
install -m 0644 ${WORKDIR}/sysctl/90-citadel-sysctl.conf ${D}${libdir}/sysctl.d/ install -m 0644 ${WORKDIR}/sysctl/90-citadel-sysctl.conf ${D}${libdir}/sysctl.d/
install -m 0644 ${WORKDIR}/udev/citadel-network.rules ${D}${sysconfdir}/udev/rules.d/ install -m 0644 ${WORKDIR}/udev/citadel-network.rules ${D}${sysconfdir}/udev/rules.d/

View File

@ -1,14 +0,0 @@
# disable some pax and grsecurity features so that debootstrap will work
# this should be removed later
kernel.grsecurity.chroot_caps = 0
kernel.grsecurity.chroot_deny_chmod = 0
kernel.grsecurity.chroot_deny_mknod = 0
kernel.grsecurity.chroot_deny_mount = 0
kernel.grsecurity.chroot_deny_pivot = 0
# Chrome/Chromium sandbox won't work without this
kernel.grsecurity.chroot_deny_fchdir = 0
kernel.pax.softmode = 1